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29 August 1979 


MEMORANDUM : Deputy Director for Administration 


FROM: James H. McDonald 
Director of Logistics 


SUBJECT: Industrial Security Oversight Si 


REFERENCE: D/OS memo dtd 17 August 1979, same 
subject; (DDA 79-2725) 


1. I believe Bob has given a pretty good picture of his 
oversight into the industrial contract/security efforts of the 
Agency. There is certainly far more liaison and interface now 
with elements of the main Office of Security and Industrial 
Security Officers (ISO) assigned to Logistics or S&T than there 
was just a few years ago. These channels of communication are 
clear and, as Bob states, are fast and free of protocol so that 
he or his staff is quickly informed of problems. [ | 25X4 


2. As he points out in paragraph 6, however, the key in- 
gredient is the relationship created between the contractor and 
the ISO assigned to Logistics or S&T who works with the contrac- 
tor on a day-to-day basis. This relationship is further enhanced 
by the degree of rapport and understanding between the ISO and 
his contracting officer, since it is only through the latter that 
the contractor's compliance with security provisions is imple- 
mented and enforced. I believe these relationships are at an 
alltime high and we are all working very closely together. [ ] 25X1 


3. Where there is conflict between the contracting/security 
officers and the technical officers that cannot be resolved at 
the component level, Bob and I have jointly addressed these 
issues particularly with S&T. An example of such is the 
joint memorandum to the D/ORD/S&T on the issue of incorporating 
the new Industrial Security Manual (memorandum attached). 


| ~ 


OL 9-3613 


‘ z is gay GHC tel Aye Ns 
‘ a ‘ ‘ eee 
Meee Maat? & ON “ob 


Approved For Release 2003/02/27 : CIA-RDP82-00599R000100170002-7 


Approved For it © @ i110, : NTT 2-00599R000100170002-7 
INFIDEN Fj 


SUBJECT: Industrial Security Oversight 


4. I would take issue with Bob on only one point, and 
that is the use of security audit teams mentioned in para- 
graph 7. As Bob points out, these unannounced audits result 
in recommendations which are forwarded to Logistics or S&T for 
appropriate action. I am not so sure that it wouldn't be a 
better investment of resources to assign these security offi- 
cers now doing audits to the contracting elements/teams to 
work closely with contractors on a daily basis to develop good 
security practices and policies, as opposed to an annual, or 
at best a biennial, review. If something is wrong now, I 
don't think we should wait a year or two to find out. This 
type of resource investment is particularly applicable to the 
Logistics contracting program as opposed to the National 
programs. These types of industrial security programs are 
different, in that under the National programs security follows 
the particular contract or project and there is continuous 
contact and liaison between the security officers and the con- 
tractors. On the Agency, or Logistics, side it is more of an 
industrial facility security program. By this I mean the 
security procedures for a facility are established and approved 
to accept a variety of contracts from many different Agency 
components. At any given time there may be a dozen or more 
different contracts in a contractor's facility, involving five 
or six different contracting elements/teams. Therefore, it is 
necessary that a consistent, and perhaps a broader, security 
policy framework be established for the contractor to work 
within since it is not possible for the ISO to monitor individual 
contracts on a daily basis. Additional resources would increase 
the amount of contact between OL, ISO's, and contractors, pro- 25X1 
viding a more current examination of contractors' practices. 


James H. McDonald 
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45 AUG 1973 


MEMORANDUM FOR: Director of Research and Development 


FROM: James H. McDonald 
Director of Logistics 


Robert W. Gambino 
Director of Security 


SUBJECT: Security Requirements [| 25X1 


REFERENCE: D/R&D memo dtd 23 July 1979, subject: 
Security Procedures for Contractors 
(ORD 1105-79) 


1. We have reviewed your comments in referent concerning 
our new industrial security manual, Standard Security Procedures 
for Contractors, and will address the various issues you have 
Taised. Initially, however, we would like to clarify an appar- 
ent misunderstanding. The new industrial security manual is 
not in effect at the present time. It is currently being 
distributed to contractors, and will not become effective earlier 
than 120 days after receipt. Contractors are also afforded the 
opportunity to voice any concerns, request waivers, or submit 
proposals for resultant cost increases by virtue of the new 
manual. 


2. The decision to purchase the security container for 
the [L_——ss—C”s*d as made under existing security 
regulations. While the new industrial security manual does 
strengthen some security areas, it does not Significantly 
change current storage standards. i aes to alarm, 


for example, is not a new criterion. 25xX1 
3. Your concern for the impact of the manual on small 
contractors is understandable and we share it. We perceive 
difficulty, however, in attempting to establish different 
security standards to accommodate the various strata of 
vendors who will contend for classified Agency contracts. 
25X1 
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We are sure that you will agree that the size of the company 

or the dollar value of the contract does not necessarily 

govern the sensitivity of the information involved. A “small 
contractor" could be in possession of highly classified mate- 
rial, making it inappropriate to reduce standards based on 
smallness of the contractor. [ | 25X14 


4, Additionally, consideration must be given to the 
possibility that the small contractor may have a continuing 


contractual relationship with us. For example, the total 
value of the 16 contracts with this 
Agency since 1972 (7 with your Tce and 9 with OTS and 


NPIC) now exceeds $230,000 and there is every indication 


that our classified ee relationship with[ 


will continue in the future. 


25X1 
25X1 


5. Obviously, there are always some inequities between 
contractors despite the attempts we make to equalize their 
opportunities to bid. In the past, our Agency Industrial 
Security Officers have always exhibited flexibility in find- 
ing solutions which will allow our procurement actions to 
proceed with minimal risk. The Agency Task Force on Indus- 
trial Contracts and Industrial Security reinforced this 
philosophy in their recommendation to the DCI, in response 
to his request for a new, uniform and precise industrial 
security manual, by stating that "...we cannot completely 
abandon the flexibility which has permitted the experienced 
Industrial Security Officer to make reasoned, independent 
security judgments on-site consonant with cover and opera- 
tional considerations."' Thus, when the situation demands, 
the Industrial Security Officer can, with approval from 
appropriate authorities and careful recording of the fact 
make adjustments which will best serve Agency programs. |] 


6. In the instant case, while the 
Company's safekeeping equipment technically did not meet 
security standards, the cognizant Industrial Security Officer, 
after an overall security assessment, decided to allow the 
contractor to continue on our contract. During the most 
recent security inspection, it was determined that the con- 
tractor's efforts now involve such considerations as the 
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storage of sight-sensitive equipment and classified ADP discs 
in addition to classified documents. As a consequence, a 
technically approved security container was recommended. In 
view of the contractor's location, an alarm requirement was 
not levied by the cognizant Industrial Security Officer. 


7. In summary, we agree with your observations con- 
cerning the difficulties we face in bringing new contractors 
into the classified RFP arena and we will do everything 
consonant with good security to assure the flexibility 
necessary to promote maximum competitive opportunities. [| 


/s/ James 2. McDonald 
James H. McDonald Robert W. 
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MEMORANDUM FOR: Deputy Director for Administration 


FROM: Robert W. Gambino 
Director of Security 


SUBJECT: Industrial Security Oversight [| 


1. Action Requested: None; for information only. lis) 25X1 


2. In all classified contracting modes, it is recognized 
that security is a command responsibility and that security 
guidance must ultimately be provided to the contracting 
officer who alone possesses the delegation of authority to 
Sign contracts binding the Government and, by contractual 
agreement, establishes binding security requirements. [| 


3. Agency regulations, as revised in 1978 following DCI. 
approval of an Industrial Security Task Force report, charge 
the Director of Security with coordinating the entire indus- 
trial security effort of the Agency; insuring that industrial 
Security support is well organized and effective; exercising 
functional supervision over all Agency Industrial Security 
Officers; developing and publishing uniform security policy 
and standards for industrial contractual arrangements; and 
providing trained professional security officers to those 
Agency components engaged in industrial contracting. 


4. The terms used in these regulatory functions do not 
spell out the dichotomy which exists between Agency programs 
and National programs. The intent is clear, however, that 
the functional oversight to be provided by the Director of 
Security extends over both areas. (That the dichotomy would 
continue was reaffirmed by the decision to not approve the 
recommendation of the Industrial Contracts and Industrial 
Security Task Force to establish a single delegation of 
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contracting authority rather than continuing the existing 
dual delegation from the DCI to the Director of Logistics 
and to the Chief, Contracts Staff, Office of Development 
and Engineering.) 


5. In recognition of this continuing dichotomy, the 
Director of Security exercises oversight primarily through 
two senior career security officers -- the Chief, Security 
Staff, OD&E, and the Chief, Security Staff, OL. These 
seasoned professionals can be counted upon to inform the 
Director of Security promptly of any security flaps; 
problems arising in the physical, technical, and personnel 
security areas; security decisions involving important 
policy variances; and security decisions where rigid adher- 
ence to security standards creates a standoff in getting the 
job done. The system is fast, flexible, free of protocol, 
and provides the Director of Security with the opportunity 
to be aware of deviations, make reasoned judgments, and 
reach timely decisions. [_] 


6. In order, however, for the Director of Security 
to achieve maximum oversight of the entire industrial secu- 
rity support system, the following additional steps have 
been taken to bring the Director of Security and the Indus- 
trial Security Officer closer together. (The Industrial 
Security Officer is an active participant in the classified 
contracting team concept. The more conversant he is with 
the technical aspects of his contracts, the more effective 
he can be in working up security plans and providing guidance. 
The relationships he creates with his contractors go a long 
way toward determining how much feedback and knowledge the 
contracting components and the Director of Security obtain 
regarding incipient or active security problems -- it must 
be a carefully nurtured, professional relationship, establish- 
ing a working rapport of mutual problem solving. Once 
established, this relationship fills an informational and 
timeliness which no formal inspection system can ever 
provide.) 
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a. Letters of Instruction tailored for 
each individual Industrial Security Officer 
(ISO) have been prepared, reviewed and 
approved by the Office of Security. 


b. The fitness report for each ISO (which 
is written by the contracting component) is 
reviewed by the Office of Security. An overall 
evaluation as to each ISO's performance in 
Carrying out security policy is prepared, 
reviewed with the officer, and formally re- 
corded in the official personnel file. 


c. Each individual ISO (including those 
is seen personally by a 
senior representative of the Office of Security 
On a one-on-one basis at a minimum of twice a 
year. A report of each_meeting is given to the 
Director of Security. 


d. Monthly activities reports from each 
contracting component are submitted to the 
Office of Security for review. 


e. The Director of Security meets personally 


once a_month with a whi 
ISO's 
in order to Keep them abreast of Office policy 


and activities. On a biweekly basis, the 

Director of Security meets with a group which 
includes the senior ISO from the staffs of the 
Director of Logistics and the Director of Develop- 
ment and Engineering. 


f. <A representative of the Director of Secu- 
rity attends the monthly meeting of all ISO's 
involved in Agency contracts. = 


g. <A representative of the Director of 
Security sits on the Agency Contract Review 
Board and the newly created National Programs 
Contract Review Board. 
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h. A direct link has been set up from 
each ISO to a senior representative of the 
Director of Security through which the ISO 
can express his formal written views of 
security audit findings and seek other solu- 
tions when ,his professional judgment so 
dictates. [] 


7. In order to assess the quality of the security 
support at contractor sites, the Industrial Security Branch 
conducts unannounced security audits, the results of which 
are forwarded to the Office of Development and Engineering 
and/or the Office of Logistics for appropriate action. To 
streamline the security auditing process, Office of Security 
auditors have recently adopted the practice of giving their 
recommendations directly to the cognizant ISO within 10 days 
after completing the audit. A senior representative of the 
Director of_Security attends each one of these briefing 
sessions. 


8. In coordination with the Director of Logistics 
he Deputy. Director for Science and Technology, the 
ISO strength has been increased from five to 

nine with area management responsibilities 
placed clearly with one senior ISO for the National program 
and one senior ISO for the Agency program. The old anomaly 
of having the DDS&T provide security management for non- 
DDS&T Agency programs has been eliminated. 


9. In coordination with the Director of Logistics, 
two additional ISO's have been assigned to the Security 
Staff of that Office to increase contractor security over- 
sight capabilities. 


10. A new industrial security manual, Standard Security 
Procedures for Contractors, has been prepared and sent out 
to some 400 contractors for their review and comments prior 
to incorporating its terms into existing and future con- 
tracts. (A copy accompanies this paper.) 


11. A second industrial security seminar will be given 
this fall for some 40 contractors’ security representatives. 
Included on the agenda will be discussions on improving 
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communications, the impact of APEX on the SCI world, the FBI 
Industrial Counterintelligence program, the impact of the 
terms of the new industrial security manual, and finally 
individual discussions on_items of particular interest to 
any of the contractors. 


12. The following table gives the location and number 
of the Industrial Security Officers currently serving outside 
the Office of Security in the Agency and National programs: 


Office of Logistics (Agen 
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